Freely subscribe to our NEWSLETTER

Some of the biggest changes include insisting that businesses specifically appoint a data protection officer and enforcing fines of up to €100 million to businesses that suffer a data breach.

Implementing such drastic measures for small companies is of course unfeasible and it is good to see that the commission has taken this into account, making them exempt from many of the more hard-line regulations. Nonetheless, the rules are changing and small business owners will be forced to comply. As such, more clarity is needed to ensure that SMEs are not left vulnerable.

While it is important that small business owners are not burdened with the same regulations and sanctions as large corporations, this could leave large grey areas. For example SMEs will not be fined for a first and non-intentional breach of the rules – this could lead to confusion and create a culture of avoiding fines, rather than protecting valuable company and customer assets. If small businesses are to adhere to changing regulations the Commission will need to lay down in black and white guidelines that are tailored to the needs of SMEs and provide the education needed to comply.

Small business owners may not be required to hire a data expert, but as such they will be expected to make sense of data and security regulations themselves. It is essential that the Commission provides small business owners with the tools and support needed to protect themselves and avoid business damaging customer and company data breaches - and consequent fines.

In the meantime, small business owners need to start thinking about the changes they may need to make to their business now, to avoid unnecessary upheaval when the regulations come into play.”